SOCstock Session 2021
Leveraging OSINT to track cyber threat actors: Redux
Senior Threat Intelligence Analyst at PwC
In the cyber threat intelligence world, OSINT is often synonymous with technical indicators and internet scanning tools. While these play a major role in tracking cyber threat actors, there are non-technical OSINT techniques that support both tracking and attribution of threat actors. These types of techniques can further support an analyst in clustering activity, attributing operators and finding new samples.
Several cases demonstrate these techniques: contextualizing the information operation of the Lab Dookhtegan leaks with postmortem social media accounts; using indictment and sanction announcements about IRGC-affiliated actors to pivot on and find information that has not been previously reported by the FBI; and using news media to expose an Iran-based threat actor targeting the technology sector.